[Bug 446392] New: SSL error: Key usage violation

Simon Josefsson simon at josefsson.org
Wed May 14 17:19:10 CEST 2008


Joe Orton <jorton at redhat.com> writes:

> I'm about to go on holiday so won't be able to look into this myself for 
> a week or so; Fedora 9 ships with GnuTLS 2.0.4, but I can reproduce this 
> with the slightly stale git checkout I had lying around, so I'd suspect 
> this is a GnuTLS cert validation bug?
>
> $ ./bin/gnutls-cli svn.eionet.europa.eu
> Resolving 'svn.eionet.europa.eu'...
> Connecting to '217.74.209.183:443'...
> *** Fatal error: Key usage violation in certificate has been detected.
> *** Handshake has failed

Hi.  Thanks for the report.  Without further information, I believe that
is the correct behavior.

jas at mocca:~/src/gnutls$ gnutls-cli -d 4711 svn.eionet.europa.eu 2>&1 |grep 'Selected cipher'
|<3>| HSK[8074078]: Selected cipher suite: DHE_RSA_AES_128_CBC_SHA1
jas at mocca:~/src/gnutls$ 

RFC 2246 and 4346:

      DHE_RSA                 RSA public key that can be used for
                              signing.
...
   All certificate profiles and key and cryptographic formats are
   defined by the IETF PKIX working group [PKIX].  When a key usage
   extension is present, the digitalSignature bit MUST be set for the
   key to be eligible for signing, as described above, and the
   keyEncipherment bit MUST be present to allow encryption, as described
   above.  The keyAgreement bit must be set on Diffie-Hellman
   certificates.

jas at mocca:~/src/gnutls$ certtool -i < cert.pem |grep 'Key Usage' -A 2
		Key Usage (not critical):
			Key encipherment.
		Subject Key Identifier (not critical):
jas at mocca:~/src/gnutls$ 

In other words, the certificate must have the digitalSignature bit
enabled to be usable as a TLS server certificate for this ciphersuite.

/Simon





More information about the Gnutls-devel mailing list